Share this post

Link to post

Share on other sites

I see that even if I add my own shield to protect chrome.exe, it is cancelled the next time that MBAE starts. Is Google Chrome so infallible or so well protected by its own defences that users can safely use it with the confidence that MBAE bestows on them? I do not trust Google's Chrome to be its own Devil's Advocate and in any case the Chrome 'anti-malware' apparently does not deliver real-time protection against exploits. I will continue to use MBAE 1.12.1.109 (with modified HOSTS file).

Using third party anti-malware solutions increases the entropy (randomness) of using any web browser or other vulnerable software. If Google thinks that it is a good idea to reduce that entropy by disallowing other's anti-malware, and moreover to provide it's own inferior anti-malware, then that is why I do not trust Google. Hackers will surely realise what Google has done to Chrome and that will only encourage them to attack Chrome with even greater vigour.

Share this post

Link to post

Share on other sites

Thanks to Google's policy regarding anti-exploit software, I have installed Opera and like it very much. A great deal of careful thought by Opera is very evident. Opera provides an extension which facilitates installation of extensions (such as Malwarebytes) from the Google store.

Share this post

Link to post

Share on other sites

If Google sweeps away the irritant of the third party anti-malware specialists and appoints its own personnel to be sole guards of its web browser, who will guard the guards? What pressures of expediency will in the future suppress due diligence among its own developers? This sort of change comes from higher up in a parent organisation. How will users know in future if Google Chrome is vulnerable to exploits when the alarm is silenced? If Google was infallible then it would not matter. The black hats must be rubbing their hands in glee.

Share this post

Link to post

Share on other sites

It is an unfortunate truth that exploits/vulnerabilities are unavoidable, no matter how cautious and strict the Devs behind the code. And now with Chrome being the number one browser by far, thanks in large part do the adoption of mobile devices (tablets, smart phones, ultrabooks etc.) as well as its rise in popularity on PCs, Mac and Linux, it is a prime target of the bad guys. I use SRWare Iron which is based on Chromium (minus Google's branding, ads and tracking), and I added a custom shield to Malwarebytes 3's Exploit Protection for it (chrome.exe, browser category/classification) as soon as this change was made and have had 0 problems since doing so and I advise anyone running a Chromium based browser to do the same (as long as it isn't Chrome itself, as Google obviously would complain/block the injection of the Anti-Exploit DLL).

If they want to shoot their own users and Developers in the foot this way for the sake of stability, that's their business, but I won't stand by while they are deliberately making our users and customers less secure than they should be.

I also highly recommend installing the Malwarebytes browser extension beta which is available for Chrome and other Chromium based browsers as well as Firefox:

It's like a suped-up version of the Web Protection in Malwarebytes 3, but adds behavior blocking of tech support scam sites, ad blocking and tracking server blocking to protect privacy along with anti-phishing and clickbait site blocking on top of the web protection databases used by Web Protection in Malwarebytes 3 Premium and is designed to work alongside MB3 Premium to enhance your protection, and even speeds up page blocks/redirects from the Web Protection component so you may even see performance improvements in browsing speeds when using it alongside Malwarebytes 3's Web Protection component.